Forum Discussion
F5 communication with pool members
I would also point out that in your design you'll very likely need to use Source NAT in the Virtual Server.
That may introduce some issues regarding original client IP information loss (it would disappear from L3 headers). In HTTP traffic this is usually circumvented using the X-Forwarded-For header, but whether you can use any similar technique really depends on the protocol in question.
The preferred design is getting your F5 box between the router and the servers, and making F5 the default gateway of said servers. This would ensure that return traffic will always get through F5, and a clean routing design doesn't need "tricks" like Source NAT or PBR.
/Mike/
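An added example, not part of the original post: one way a pool member can recover the client address from X-Forwarded-For once SNAT has replaced it at L3, while accepting the header only from the load balancer. The SNAT range, the function names and the assumption that the proxy appends the address it saw as the last entry are all hypothetical.

```python
import ipaddress

# Assumption: constructed range covering the SNAT / self IPs the load
# balancer uses toward the pool. Replace with your own addresses.
TRUSTED_PROXIES = [ipaddress.ip_network("10.10.20.0/28")]


def _is_trusted(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Return the address to log or apply access rules to for one request.

    peer_addr  -- L3 source address of the TCP connection (post-SNAT)
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    # A connection that did not arrive from the SNAT range bypassed the
    # load balancer, so the header is client-controlled: ignore it.
    if not _is_trusted(peer_addr) or not xff_header:
        return peer_addr

    # Walk right to left: the rightmost entries were added by the hops
    # nearest to us. The first untrusted address is the real client;
    # anything to its left was supplied by that client and is not used.
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_addr  # malformed entry: fall back to the L3 peer
        if not _is_trusted(hop):
            return hop
    return peer_addr  # only proxy addresses listed


if __name__ == "__main__":
    # Constructed sample requests: (peer address, header value)
    for peer, xff in [("10.10.20.5", "203.0.113.7"),
                      ("198.51.100.9", "203.0.113.7"),
                      ("10.10.20.5", "192.0.2.1, 203.0.113.7")]:
        print(peer, "|", xff, "->", client_ip(peer, xff))
```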
Just a little gentle pushback... the preferred design should always come down to each company's business, security, and operational requirements. What works for you or for me isn't the best path for others. The great thing is all of the choices here work, work well, and are supported configurations, with obvious tradeoffs that need to be considered.
- buulam, Aug 30, 2022, Admin
And the great thing about BIG-IP is that you have granular options to route or SNAT. I've seen folks move to BIG-IP just because their previous platforms were all or nothing!